Bug #5351
closed
Sanitize user input, even if restricted by html
Start date: 10/28/2015
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3
Affected Architecture: All
Description
The following XSS can be eliminated by checking if the input is a number, but I think there are more attacks possible.
Go to the dashboard and open the trafficgraph-settings. Change the input type from number to text for the refresh-interval element and put some xss content inside, e.g.
"><script>alert("XSS")</script>
and voila, there you have it.
I think there are tons of XSS attacks possible. The problem is that these settings are shared via user accounts, so an "unprivileged" user can change those settings and attack an admin, for example.
Updated by Anonymous about 9 years ago
- Status changed from New to Feedback
Added input validation to this and other widgets that showed the same vulnerability.
Updated by Anonymous about 9 years ago
- % Done changed from 0 to 100
Applied in changeset 9eb8cafaa7b720810a4c158061114e5f7951fefb.
Updated by Chris Buechler almost 9 years ago
- Status changed from Feedback to Resolved
that instance and others in widgets resolved now
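The report's point is that type="number" in the form is only a browser hint, so the server has to validate the refresh interval and encode it on output. The PHP below is an added example, not code from the pfSense changeset; the function names, the field name "refreshinterval" and the 1 to 3600 second range are assumptions.

```php
<?php
// Added example: hypothetical helpers, not pfSense code.

// Server-side validation: accept only a decimal integer inside the allowed
// range. Anything else (markup, floats, exponent notation, arrays from a
// crafted POST body) is rejected and never reaches the shared settings.
function parse_refresh_interval($raw, int $min = 1, int $max = 3600): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Output encoding as a second layer: even if an old, unvalidated value is
// already stored, it cannot break out of the value="..." attribute.
function render_interval_input(string $stored): string
{
    return '<input type="number" name="refreshinterval" value="'
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">';
}

// Constructed sample inputs, including the string from the report.
$samples = [
    '10',
    '0',
    '1e3',
    '10.5',
    '"><script>alert("XSS")</script>',
    ['10'],
];

foreach ($samples as $raw) {
    $parsed = parse_refresh_interval($raw);
    printf(
        "%-45s => %s\n",
        json_encode($raw),
        $parsed === null ? 'rejected' : "accepted as $parsed"
    );
}

// A value stored before validation existed is rendered inert.
echo render_interval_input('"><script>alert("XSS")</script>'), "\n";
```

Because these settings are shared between accounts, both layers matter: validation stops new bad values from being saved, and encoding covers values that were stored before the check was added.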